On Fri, 2013-05-31 at 03:52 -0700, tony wrote:
> I've been running spamassassin for about 4 years on a centos 5 server,
> currently running spamassassin-3.3.1-2.el5. I've always been impressed and
> very pleased with the way SA works and I regularly run sa-update and I
> update the bayes databases. I use plugins too - razor, pyzor, dkim etc but
> over the last couple of months I've seen SA's effectiveness wane, with more
> spam emails slipping through into my inbox.
>

For the last few months almost all my spam stream has been Stock pump'n'dump scams (no particular TLD associated with it) and a small admixture of marital aid spam (almost all from Russia).

I've just done a quick scan: both types cause locally written rules to fire, but almost all the pump'n'dump spam would be caught by standard SA rules and/or URIBLs. I'm uncertain whether this also applies to the marital aid spam: it triggers my "CYRILLIC" rule, which simply catches anything with a .ru or .su TLD unless it's from one of my three Russian correspondents.

So, no, I don't agree with you: SA is working just fine here. My local rule collection is largely stable, is changing very slowly and is averaging less than one misclassified ham per week - and I can easily fish that out of my quarantine area. Currently my spam load is around 15-20% of incoming mail, which is relatively low volume as I'm a private site.

HTH

Martin